Subscribe to the InfoTech eNewsletter

infoTECH Feature

August 18, 2009

Cyber Rules of Engagement - Hot Pursuit

Perhaps the most nebulous area of national security is cyber defense. What constitutes an act of cyber war?   What organization should take the lead when cyber events occur and it is unclear who is behind them? Between criminals, “hacktivists,” terrorists or rogue nation states, you really do not know when these events are unfolding so you cannot determines if it is a federal law enforcement issue or an issue for the Department of Homeland Security (DHS) or is it a Military (DoD) issue. For months and, in some cases years, many people and organizations involved in cyber defense and security have been calling for a cyber warfare doctrine that clearly defines the rules of engagement (ROE). Thus far, these calls have gone pretty much unanswered. The rules of cyber warfare, cyber espionage, cyber terrorism and other acts of cyber aggression seem to be made up as we go. At a conference in June, former Air Force Secretary Michael Wynne said that U.S. law allows "hot pursuit" of criminals, so computer users “may have to tolerate some hot pursuit” through their digital world (meaning hard disks on their computers) so authorities can track and ultimately respond to cybercrimes. This was a very interesting statement. The following defines the term Hot Pursuit for law enforcement and the military.
Police Hot Pursuit – Hot pursuit is an exigent circumstance. It usually applies when law enforcement is pursuing a suspected felon into private premises or has probable cause to believe that a crime has been committed on private premises. The Supreme Court stated that “hot pursuit refers to some sort of a chase, hunt, following, tracking, but it need not be an extended hue and cry in and about the public streets”
Reference: (United States v. Santana, 427 U.S. 38, 96 S. Ct. 2406, 49 L. Ed. 2d 300 [1976])
Hot pursuit also applies when the lives of police officers or others are in danger. Thus, the Court has recognized two specific conditions that justify warrantless searches under the rule of hot pursuit: the need to circumvent the destruction of evidence (most applicable here), and the need to prevent the loss of life or serious injury. The Department of Defense (DoD) has its own version of rules around Hot Pursuit. As Hot Pursuit pertains to the military, we found the following definition.
Military Hot Pursuit – Pursuit commenced within the territory, internal waters, the archipelagic waters, the territorial sea, or territorial airspace of the pursuing state and continued without interruption beyond the territory, territorial sea, or airspace. Hot pursuit also exists if pursuit commences within the contiguous or exclusive economic zones or on the continental shelf of the pursuing state, continues without interruption, and is undertaken based on a violation of the rights for the protection of which the zone was established. The right of hot pursuit ceases as soon as the ship or hostile force pursued enters the territory or territorial sea of its own state or of a third state. This definition does not imply that force may or may not be used in connection with hot pursuit. (NOTE: This term applies only to law enforcement activities.)

After the former Air Force Secretary Michael Wynne made his statement, does that mean that the military has determined or is leaning toward defining all acts of cyber aggression are legal matters? If you consider that the rules of “Hot Pursuit” specifically state that they apply ONLY to law enforcement, that would mean the military has determined that ALL acts of cyber aggression are a law enforcement issue and not an act of war? 
A few key points
Until you know who is behind the incident, you do not know if it is a criminal activity, a military attack, a terrorist action; so how can you invoke criminal law?

The nature of these acts of cyber aggression requires a high degree of international cooperation. This calls for a collaborative effort and full international acceptance of the cyber doctrine by the 174 countries (or the vast majority) connected to the Internet. Hot Pursuit is a U.S. law and would not apply to other countries.

The application of “Hot Pursuit” to acts of cyber aggression will without question brings out the privacy advocates and constitutional scholars given the images of systems invasions that this conjures up!

The note at the end of the military definition indicates that Hot Pursuit “ONLY” applies to law enforcement action. This seems to further muddy the waters around decision making in response to acts of cyber aggression against our nation.
The U.S. Government, like many other governments around the world, is behind when it comes to the development of a formal doctrine for response to acts of cyber aggression and the use of offensive cyber capabilities. This doctrine must address the divide between acts of cyber aggression by non-state actors and terrorists and the ever growing number of criminal cyber events that take place. We do not have the framework and cyber law necessary to make these decisions; nor can we act unilaterally when investigating the cross border digital assaults that make up the majority of these incidents. If we were attacked today, I would be concerned our response might be delayed while the Executive Branch of our government seeks council as to the constitutional and legal issue that will be involved in our response.
Back in 2003, President Bush signed a secret directive ordering the government to develop a framework for determining when and how the United States would launch cyber attacks against enemy computer networks. No one is really sure where that stands. The United States’ offensive capabilities and use of cyber weapons is a highly classified, closely guarded military secret. Many believe that a doctrine might disclose too much information and provide intelligence to our adversaries. While this is a distinct possibility, care must be taken to minimize this risk. The stark reality is that the U.S. Government and many nations around the world are routinely engaged in acts of cyber aggression that may rise to the level of cyber war. This has been going on for many years and will continue in the foreseeable future. 
Each and every day we move closer to a cyber event that would bring about a response that could trigger a cyber war. The problem is, without the doctrine, we do not know how close we are to that happening. The proper time to create this doctrine passed years ago and now we must play catch-up.
In the mean time, these are uncertain times and sensitivities are high. Throughout my career, when I exited from several projects or changed employers, there were always exit interviews that counseled as to what I could say and what I could not talk about. Maybe the Government and Military should institute such a policy for high ranking personnel exiting public service.
Given our nation’s reliance on computer systems and networks, the threat posed by acts of cyber aggression are significant. With the stakes this high, the best approach is for DHS, DoD and Law Enforcement to work closely and collaboratively to protect our nation and our businesses and citizens against this threat. Given the high stakes involved, this has to happen.
About the authors:
Gary Clayton is the founder of the Privacy Compliance Group. He is an attorney and former prosecutor with over a decade of experience working with companies and the U.S. Government on data protection and privacy issues. Gary focuses on issues related to compliance with international data protection laws and regulations.
Kevin Coleman is a Kellogg School of Management Executive Scholar and a Senior Fellow with the Technolytics Institute and the former Chief Strategist of Netscape. He has nearly two decades of experience working in advanced technology and security. Kevin focuses on issues related to cyber security, cyber warfare and technology data protection. In addition, he has briefed over sixty members of the intelligence community, presented before U.S. Strategic Command twice, testified before congressional commissions twice, personally briefing leaders on capitol hill and has published over 100 articles and papers of the implications of cyber warfare, cyber espionage and cyber terrorism. 

Follow ITEXPO (News - Alert) on Twitter:

Kevin G. Coleman, a consultant and advisor with Technolytics Institute, writes the Data Security column for TMCnet. To read more articles by Kevin, please visit his columnist page.

Edited by Erik Linask

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers